governmentwikiaorg-20200215-history
Talk:2009 Lok Sabha Data Questions/@comment-91.178.203.112-20120811232845
1) Why was software testing taking place in the US rather than in a facility in Ireland? User Acceptance testing is usually done by the people who will be using the software (or was there a junket of BTSB people in NYC for testing? If so, will the PAC consider that money well spent?)

2) Why was the information on a laptop and not on a CD/DVD held in a secure location and only loaded to designated servers/desktops/laptops when required in the testing labs? Having it on a 'floating' laptop is just not safe practice.

3) If this was not testing of software but development, why was a dummied copy of data not used?

4) Why was a specification for Irish BTSB data not provided to the New York Blood Centre IT team to allow THEM to create a dummy file using US data or other 'fake' data: simple things such as the format of an Irish PPSN (not the actual data), the specification of date formats used in Ireland, base reference data for disease types etc., a data file full of John and Mary Murphys all at different dummied addresses in Co. Letravan?

5) Are they totally insane? (Because some fool thought this was a GOOD idea.)

6) Why was 'Safe Harbor' not a pre-requisite for the selection of a software development supplier? Promises in a contract that your supplier will be on their 'best behaviour' must be auditable, audited and verified. Vague trust and happy thoughts don't cut it. Did they audit NYBC's security protocols to make sure they met the minimum standards of the DPA or did they take it on trust?

7) Why ignore best practice in testing and management of test data? Real data is not an essential thing in testing. Test data that LOOKS like real data (i.e. is in the same format, has the same statistical patterns in terms of types of 'duff' data (things that are in the wrong fields etc.).

A simple principle is that data that identifies individuals should not be allowed onto a laptop that the data controller does not actually control. That they cite 256-bit encryption as their security is good. However, is there a guarantee that the laptop was actually encrypted, or was this one of the contract terms that may or may not have been complied with? If the data was being used for testing I would have assumed it would have been kept within the test environment. If this is a case of an eager bunny in New York bringing work home with him then we have another layer of lax security.

Development of new software or software upgrades does not require live data. Testing does not require live data, except in very complex processing where the size of the dataset is important for stress testing or there are complex matching or parsing rules that need to be tested against the imperfections you find in reality, and even then a better approach is to profile your data to understand the 'patterns' in it (length of strings of text, incidents of data types being entered in the wrong fields etc.) which would need to be replicated in dummy data.

Ultimately I fear that this will lead to a smack on the wrist at middle management level, a stern talking-to at senior level and a mass cull of low level flunkies. However, this represents a total failure of governance, ignorance of best practice, and a very 'happy path' planning approach when it comes to the security of data of a sensitive nature. This is a policy issue and I suspect we'll find that this approach to security was taken to save a few shillings on the budget.

As regards the security of the 256-bit security, well, let's just say it is a tough nut to crack, with no direct route through it, but a few side doors that rely on speed of access (gets very techie so let's not go there) so really are only effective when you have physical access to the machine that the data is on and which is running the encryption algorithm. This presumes that the physical computer is not a laptop that gets stolen. It also presumes, even if the laptop is stolen, that the data remained in an encrypted state on the laptop.

Personally, I'd suspect that if someone was dumb enough to bring sensitive data from ANOTHER NATION home with them they'd be thick enough to turn off the encryption, particularly if they were working on fixing a software bug and needed easy access to the data to play with to see if that was the cause.

At least the BTSB didn't burn the data on to two DVDs and stick them in the post to the New York Blood Centre. At least I hope they didn't.

The only glimmer of silver lining is that if it can be shown that the New York Blood Centre acted outside the terms of the Contract in terms of security and data protection, the BTSB might be able to sue them for their part in this mess. Of course, the New York Blood Centre's defence would be "but we assumed you sent us dummy data because only a fricking moron would send us LIVE data".
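The profile-then-dummy-data approach the comment describes, as an added example that is not part of the original post: it measures only the format patterns of a constructed record set (name lengths, PPSNs entered in the wrong field, dates in the wrong format) and generates test records that reproduce those patterns without carrying any real value across. The PPSN shape, the dd/mm/yyyy date format and every record are simplified assumptions invented for the example.

```python
"""Profile format patterns in (constructed) live-looking records, then
generate dummy test data with the same patterns. Nothing here is real data."""
import random
import re
import string
from collections import Counter

# Assumed, simplified shapes: PPSN = 7 digits then 1-2 letters; date = dd/mm/yyyy.
PPSN_RE = re.compile(r"^\d{7}[A-Z]{1,2}$")
DATE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}$")

# Constructed records. One PPSN has landed in the name field and one date
# is in the wrong format: exactly the 'duff data' a tester needs to see.
LIVE = [
    {"name": "John Murphy", "ppsn": "1234567A", "dob": "01/02/1970"},
    {"name": "Mary Murphy", "ppsn": "7654321BA", "dob": "31/12/1985"},
    {"name": "2345678C", "ppsn": "", "dob": "15/06/1990"},
    {"name": "Sean Murphy", "ppsn": "1122334D", "dob": "1990-06-15"},
]

def profile(records):
    """Record patterns (lengths, error rates), never the values themselves."""
    n = len(records)
    return {
        "name_len": Counter(len(r["name"]) for r in records),
        "ppsn_misfield": sum(bool(PPSN_RE.match(r["name"])) for r in records) / n,
        "bad_date": sum(not DATE_RE.match(r["dob"]) for r in records) / n,
    }

def fake_ppsn(rng):
    """A random value of the assumed PPSN shape, not derived from any real one."""
    digits = "".join(rng.choices(string.digits, k=7))
    return digits + "".join(rng.choices(string.ascii_uppercase, k=rng.choice([1, 2])))

def generate(prof, n, seed=0):
    """Emit n dummy records that reproduce the profiled error rates."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        rec = {"name": rng.choice(["John Murphy", "Mary Murphy", "Sean Murphy"]),
               "ppsn": fake_ppsn(rng),
               "dob": f"{rng.randint(1, 28):02d}/{rng.randint(1, 12):02d}/{rng.randint(1940, 2000)}"}
        if rng.random() < prof["ppsn_misfield"]:  # replicate the mis-fielded PPSN
            rec["name"], rec["ppsn"] = rec["ppsn"], ""
        if rng.random() < prof["bad_date"]:       # replicate the wrong date format
            d, m, y = rec["dob"].split("/")
            rec["dob"] = f"{y}-{m}-{d}"
        out.append(rec)
    return out

def leaks(dummy, live):
    """Check that no live PPSN (wherever it was entered) survives in the dummy set."""
    real = {r["ppsn"] for r in live} | {r["name"] for r in live if PPSN_RE.match(r["name"])}
    return [v for r in dummy for v in (r["name"], r["ppsn"]) if v and v in real]
```

Only the profile crosses from the controlled environment to the test lab; the identifying values stay where the data controller holds them.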